Routing with 2 Servers

Hi all

I am currently studying the Routing and remote access section of 70-291 and have come accross a problem.

I am trying to setup a 2 Windows Server 2003 router setup. See image for current setup

When i set it up i can contact each router and clients if connected to the subnet but when i try to get internet access it just hangs. I have enabled NAT on the external interface and i see mappings going through it. But the connection just fails.

If i disable the adapter with ip address 172.16.3.1 and restart the RRAS service it works fine. I think this is a problem with the default routes on Router 1 but i am a bit stumped at the moment in time. Routing tables below.

Any help appreciated

Router 1

IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10005 ...00 19 5b 80 1e b3 ...... D-Link AirPlus G DWL-G122 Wireless USB Adapter(rev.C)
0x50003 ...00 d0 70 01 9c 10 ...... Realtek RTL8139 Family PCI Fast Ethernet NIC
0x60004 ...00 0c 6e bd 71 cb ...... 3Com Gigabit LOM (3C940)
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 172.16.1.1 172.16.1.1 1
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.10 30
0.0.0.0 0.0.0.0 192.168.0.10 172.16.1.1 1
0.0.0.0 0.0.0.0 192.168.0.10 192.168.0.10 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
172.16.1.0 255.255.255.0 172.16.1.1 172.16.1.1 1
172.16.1.1 255.255.255.255 127.0.0.1 127.0.0.1 1
172.16.2.0 255.255.255.0 172.16.3.2 172.16.3.1 3
172.16.3.0 255.255.255.0 172.16.3.1 172.16.3.1 20
172.16.3.1 255.255.255.255 127.0.0.1 127.0.0.1 20
172.16.255.255 255.255.255.255 172.16.1.1 172.16.1.1 1
172.16.255.255 255.255.255.255 172.16.3.1 172.16.3.1 20
192.168.0.0 255.255.255.0 192.168.0.10 192.168.0.10 30
192.168.0.10 255.255.255.255 127.0.0.1 127.0.0.1 30
192.168.0.255 255.255.255.255 192.168.0.10 192.168.0.10 30
224.0.0.0 240.0.0.0 172.16.1.1 172.16.1.1 1
224.0.0.0 240.0.0.0 172.16.3.1 172.16.3.1 20
224.0.0.0 240.0.0.0 192.168.0.10 192.168.0.10 30
255.255.255.255 255.255.255.255 172.16.1.1 172.16.1.1 1
255.255.255.255 255.255.255.255 172.16.3.1 172.16.3.1 1
255.255.255.255 255.255.255.255 192.168.0.10 192.168.0.10 1
Default Gateway: 192.168.0.10
===========================================================================
Persistent Routes:
None

Router 2

IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 17 3f cf 1b c0 ...... Realtek RTL8139 Family PCI Fast Ethernet NIC #3
0x10004 ...00 17 3f cf 24 4d ...... Realtek RTL8139 Family PCI Fast Ethernet NIC #2
0x10005 ...00 17 3f cf 0b dc ...... Realtek RTL8139 Family PCI Fast Ethernet NIC
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 172.16.3.1 172.16.3.2 1
0.0.0.0 0.0.0.0 172.16.3.2 172.16.2.1 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
172.16.1.0 255.255.255.0 172.16.3.1 172.16.3.2 3
172.16.2.0 255.255.255.0 172.16.2.1 172.16.2.1 20
172.16.2.1 255.255.255.255 127.0.0.1 127.0.0.1 20
172.16.3.0 255.255.255.0 172.16.3.2 172.16.3.2 20
172.16.3.2 255.255.255.255 127.0.0.1 127.0.0.1 20
172.16.255.255 255.255.255.255 172.16.2.1 172.16.2.1 20
172.16.255.255 255.255.255.255 172.16.3.2 172.16.3.2 20
192.168.0.0 255.255.255.0 172.16.3.1 172.16.3.2 3
224.0.0.0 240.0.0.0 172.16.2.1 172.16.2.1 20
224.0.0.0 240.0.0.0 172.16.3.2 172.16.3.2 20
255.255.255.255 255.255.255.255 172.16.2.1 172.16.2.1 1
255.255.255.255 255.255.255.255 172.16.3.2 172.16.3.2 1
255.255.255.255 255.255.255.255 172.16.3.2 10005 1
Default Gateway: 172.16.3.1
===========================================================================
Persistent Routes:
None

Find more posts tagged with

Comments

dynamik

Yea, your default routes are messed up. Sorry I can't give you any specific advice on how to fix it; I'm not in a place where I can look at RRAS.

royal

The problem is pretty clear. You have multiple default gateways assigned. You can't have multiple default gateways on the same box as that just doesn't make sense because the whole point of a default gateway (0.0.0.0) is that it goes to 0.0.0.0 if all else fails. If you have multiple 0.0.0.0's, Windows gets confused.

Choose 1 NIC, put a default gateway on it, and then create persistent (static) routes to all your other subnets that go out of a specifc interface and uses the next hop as the RRAS server that acts as a router. The next hop address needs to be on the same subnet hence why you'd have an RRAS server with multiple IPs on the different segments to allow it to be a router for your different segments.

So in short (too late..), only have 1 default gateway set on any given server and then create persistent (static) routes for everything else so Windows doesn't get confused.

paulctech

cheers guys, i was in the right area anyway. I will give it a go tonight and let you know how i get on

sprkymrk

Yes, I agree with royal on this. My first thought was also to disable RIP since you only have 1 subnet on the other side of router 2, then just create a static route on router 1 like this:

route add -p 172.16.2.0 mask 255.255.255.0 172.16.3.2

And yes, if you simply create a static route from the cmd line, it will show up in RRAS.

Then your default gateway on Router 2 should point to 172.16.3.1, so any non-direct connected networks will be routed that way. Remember, a router is always aware of directly-attached networks and you don't need routing statements or protocols for it to know about them. Finally, your default gateway on Router 1 should point to your internet access IP, such as your cable modem.

royal

This is something I often do on DMZ servers that have 2+ NICs with 1 NIC sitting on the internal network. Let's say the company has an external facing router and an internal facing router. The internet facing router is going to be more restrictive. For example, let's say I wanted the server to talk over port 636 if I'm doing LDAPS authentication. On the DMZ server, I would put the Default Gateway on the external NIC.

So this should be fine right? The server has an internal NIC sitting in the internal network. But what if you have multiple internal subnets and the server you're doing 636 with happens to sit on a different network? That 636 may try to go through the internet facing router. It may not be allowed to go through (636 may be blocked). The internal router has 636 open. So, what to do? Create a static route so all the internal subnets will go through the internal router. The static route will have a next hop on the same subnet as your internal NIC. It will then hit the internal router and then route to the appropriate network.

I was at a client a year back and they had ISA (issue explained above) and they had two default gateways assigned. Their ISA server constantly had issues and kept breaking. I instantly did a route print and saw two 0.0.0.0. I removed the default gateway on the internal NIC. I then created static routes. The problem completely went away.

dynamik

Any idea how he ended up with four on one and two on the other? That's what I thought was odd. Maybe he just added them manually, and I'm over thinking things...

royal

dynamik wrote:

Any idea how he ended up with four on one and two on the other? That's what I thought was odd. Maybe he just added them manually, and I'm over thinking things...

If he added them manually, they'd just up as persistent routes at the bottom of route print.

And ya, the multiple 0.0.0.0 is due to RIP and having multiple gateways that RIP will just add the default routes to the route table and Windows gets confused as all hell. Can either make each box have 1 default gateway and leave RIP on to figure out the routes or turn RIP off and create the persistent (static) routes.

dynamik

royal wrote:

If he added them manually, they'd just up as persistent routes at the bottom of route print.

Heh, that's what I thought originally. Then I "remembered" you had to specify the routes as persistent. Nope, that's the "permanent" option with Cisco static routes. Great, the lines are starting to blur

paulctech

hey all,

yea it was rip that created the multiple default gateways. Just made one default gateway on each router and it worked fine

I have now done this setup with static routes and rip. Pretty simple and logical if you just sit and think about it.

Cheers for all the info again